3Com 10014299 Network Router User Manual


 
538 CHAPTER 38: CONFIGURING AAA AND RADIUS PROTOCOL
The Callback technique enhances security. In the processing of a Callback, the
server calls the client according to the call number configured locally. This avoids
security risks caused by leakage of user name or password. The server can also
classify call-in requests according to its configuration as refuse call, accept call (no
call back) or accept callback. This serves to exert different limitations upon
different clients and take initiative in ensuring resource access when there are
incoming calls.
The callback technique has the following advantages:
Saves communication expenses, especially when the call charge rates of two
directions are different)
Changes the call charge bearer
Combines call charge lists
The security devices in 3Com routers support the callback technique that is divided
into ISDN caller authentication callback and callback participated in by PPP.
ISDN caller authentication callback does not involve PPP, it directly authenticates
whether the call-in number matches with the number configured by the server.
Hence, only the server end needs a corresponding configuration and the client
needs no modification.
Table 607 Configure Callback User and the Callback Number
A RADIUS server can be configured with callback-number, equivalent to number,
which is defined locally. If
aaa authentication-scheme ppp default radius is
configured then number, which is configured locally, is invalid and the number to
be transmitted to PPP will be decided by callback-number set on RADIUS server. If
aaa authentication-scheme ppp default radius local is configured, local
authentication is used only when the RADIUS server does not respond, and here
number defined locally can work. If
aaa authentication-scheme ppp default
none
is configured, number defined locally does not work.
Configure User with Caller Number
After users with caller numbers are configured, the call-in caller numbers of users
calling in can be authenticated in order. At present, only ISDN users can be
configured to be such type of users.
Table 608 Configure User with Caller Number
Configure FTP User and the Usable Directory
An FTP user and the FTP directory available for the user can be configured in the
local database. The function is reserved temporarily for future extension.
Operation Command
Configure the callback user and the
callback number
local-user user [ callback-number
number ] ...
Delete the callback user and the callback
number
undo local-user user
Operation Command
Configure a user with caller number local-user user [ call-number number
] [ :sub-number ] ...
Delete a user with caller number undo local-user user-name